Linux privilege escalation by exploiting a wildcard injection


Welcome back to the Linux Security Series! In this series, we’ll discuss security issues that affect Linux systems and common misconfigurations that lead to them. Let’s get started!

Privilege escalation is a way that attackers can escalate their privileges on a system. For example, let’s say that an attacker has gained access to your web server, but only as a low-privileged user. They cannot read or write sensitive files, execute scripts, or change system configuration. How could they compromise your server and maintain their access there?

If they can find a way to trick the system into thinking that they are the root user, the attacker can carry out more powerful attacks, like reading and writing sensitive files and inserting permanent backdoors into the system. And this is where privilege escalation comes in. Today, let’s talk about how attackers can exploit wildcard injections to escalate their privileges. …


Linux privilege escalation by exploiting a misconfigured PATH variable


Welcome back to the Linux Security Series! In this series, we’ll discuss security issues that affect Linux systems and common misconfigurations that lead to them. Let’s get started!

Privilege escalation is a way that attackers can escalate their privileges on a system. For example, let’s say that an attacker has gained access to your web server, but only as a low-privileged user. They cannot read or write sensitive files, execute scripts, or change system configuration. How could they compromise your server and maintain their access there?

If they can find a way to trick the system into thinking that they are the root user, the attacker can carry out more powerful attacks like reading and writing sensitive files and inserting permanent backdoors into the system. …


Linux privilege escalation by exploiting SUDO rights


Welcome back to the Linux Security Series! In this series, we’ll discuss security issues that affect Linux systems and common misconfigurations that lead to them. Let’s get started!

Privilege escalation is a way that attackers can escalate their privileges on a system. For example, let’s say that an attacker has gained access to your web server, but only as a low-privileged user. They cannot read or write sensitive files, execute scripts, or change system configuration. How could they compromise your server and maintain their access there?

If they can find a way to trick the system into thinking that they are the root user, the attacker can carry out more powerful attacks like reading and writing sensitive files and inserting permanent backdoors into the system. …


Linux privilege escalation by exploiting an overprivileged process


Welcome back to the Linux Security Series! In this series, we’ll discuss security issues that affect Linux systems and common misconfigurations that lead to them. Let’s get started!

Privilege escalation is a way that attackers can escalate their privileges on a system. For example, let’s say that an attacker has gained access to your web server, but only as a low-privileged user. They cannot read or write sensitive files, execute scripts, or change system configuration. How could they compromise your server and maintain their access there?

If they can find a way to trick the system into thinking that they are the root user, the attacker can carry out more powerful attacks like reading and writing sensitive files and inserting permanent backdoors into the system. …


How attackers inject into SQL queries and how you can prevent it


Let’s talk about one of the most severe vulnerabilities that can happen to your application: SQL injections.

SQL injections allow attacker code to change the structure of your application’s SQL queries to steal data, modify data, or potentially execute arbitrary commands in the underlying operating system.

For example, let’s say that your web application’s database contains a table called Users. This table contains three columns: Id, Username, and Password, which respectively contain the user ID, username, and password of each registered user.

[Image: table with columns headed ID, username, and password, showing three rows of sample data]

And on your website, you prompt your users for their username and password.

[Image: example of a login screen that has the words “Welcome! Log in here!” above empty dialog boxes for username and password]

The username and password that the user submits will be inserted into a SQL query to log the user in. For example, if the user were to enter the username “user” and the password “password123,” this SQL query will be executed to find a user's ID with the matching Username and Password. Your application will then log in the user with that user ID. …


Linux Privilege Escalation By Exploiting The SUID Bit


Welcome back to the Linux Security Series! In this series, we’ll discuss security issues that affect Linux systems and common misconfigurations that lead to them. Let’s get started!

Privilege escalation is a way that attackers can escalate their privileges on a system. For example, let’s say that an attacker has gained access to your web server, but only as a low-privileged user. They cannot read or write sensitive files, execute scripts, or change system configuration. How could they compromise your server and maintain their access there?

If attackers can find a way to trick the system into thinking that they are the root user, they can carry out more powerful attacks like reading and writing sensitive files and inserting permanent backdoors into the system. And this is where privilege escalation comes in. Today, let’s talk about how attackers can exploit SUID programs to escalate their privileges to become root. …


Learn about the Linux permission model and how it affects your system’s security


Welcome to the Linux Security Series! In this series, I will tackle the fundamentals of Linux security and how attackers attack Linux machines.

Before we dive into Linux systems security, it’s essential to understand the permissions model of Linux machines. Understanding how to manage permissions on Linux systems will help you understand attacks that exploit the permissions system, like most privilege escalation techniques. Let’s get started.

Linux File Permissions

Linux inherited the Unix model of file ownership and permissions. Every file and folder on the system has a set of permissions that specifies who is allowed to do what with that particular file.

There are three types of permissions: read, write, and execute. A read permission on a file enables a user to read the contents of the file. A write permission allows a user to modify or delete the file. …


What SameSite by default means for the future of CSRFs


CSRF vulnerabilities happen when attackers can initiate forged state-changing requests from a foreign domain. This usually occurs because the user’s browser sends session cookies regardless of where the request originates from.

Besides implementing CSRF tokens to ensure the authenticity of requests, another way of protecting against CSRF is SameSite cookies.

SameSite Cookies

A web application instructs the user’s browser to set cookies via a Set-Cookie header. For example, this header will make the client browser set the value of the cookie PHPSESSID to UEhQU0VTU0lE:

Set-Cookie: PHPSESSID=UEhQU0VTU0lE

Besides the basic “cookie_name=cookie_value” designation, the Set-Cookie header allows several optional flags you can use to protect your users’ cookies. One of them is the SameSite flag, which helps prevent CSRF attacks. When the SameSite flag on a cookie is set to Strict, the client’s browser will not send the cookie during cross-site requests. …


Strategies to finally make people answer your technical questions


Have you ever asked a question on the internet (on Twitter, Reddit, Stack Overflow) just to have it completely ignored?

Lately, I have received many questions about cybersecurity via email and Twitter DMs. And honestly, I am guilty of ignoring quite a few of them. The unfortunate truth is that there are a lot of people online asking technical questions and a much smaller number of people answering questions. When it comes down to it, there is simply not enough time to answer every question in detail.

However, there are things you can do to help people help you on the internet. …


Practical fuzz testing to discover common web vulnerabilities


Fuzzing is a way of finding bugs using automation. It involves providing a wide range of invalid and unexpected data to an application and then monitoring the application for exceptions. In particular, web application fuzzing is the field of fuzzing web applications to expose common web vulnerabilities, like injection issues, XSS, and more.

I’ve discussed how fuzzing can help you discover XSS and SQL injections automatically in an earlier article. If you haven’t already, please take a look to understand the basics of fuzzing!

But how do you fuzz a web application effectively? And how can you utilize tools to achieve your goals? Today, we’ll take a practical look at how to fuzz for the most common web vulnerabilities using the open-source tool Wfuzz. …

About

Vickie Li

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7
